You just finished that thesis you’ve spent years working on. The next day you switch your device on and see a screaming red screen informing you that your files are encrypted and you have to pay 500 USD to retrieve them. You’ve just been hit by a ransomware attack. Learn more about them below.
How does ransomware work?
Ransomware is a type of malware that hackers use to encrypt the victim's data and demand a ransom to restore it. They hold the key, without which the victim is unable to access the content. They usually require payments in untraceable cryptocurrency.
There are different types of ransomware attacks depending on who they target and how they work. While scareware can be relatively harmless, doxware can threaten to publish your sensitive information to the public. There were also tons of ransomware cases most of which have done substantial damage to victims.
How does ransomware spread?
The infection methods do not differ significantly from other kinds of malware. You can get ransomware through a phishing email, a malicious link, a download from a suspicious website, or other social engineering tricks. Once activated, it encrypts the victim’s files. Finally, the malware or the hacker themselves will inform the victim on when and how to pay the ransom.
Anyone can be a ransomware target, but these entities are more likely to be attacked:
- Big companies with significant financial resources. Cybercriminals tend to target those who are more likely to pay;
- Organizations handling especially sensitive data. Sometimes companies tend to pay the ransomware if the data is very sensitive and losing it can cause lots of damage. Thus, healthcare companies are frequent targets due to the especially sensitive nature of the data;
- Individuals handling valuable data. Hackers might also threaten to expose confidential or compromising data or just destroy all the encrypted files in case they will not get the ransom;
- Entities based in wealthier countries are more likely to be attacked because they can pay more;
- Organizations or individuals with weaker security infrastructure or outdated software.
Anti-malware software or device resets may remove ransomware, but these methods are highly unlikely to save your files. It will probably be impossible to decrypt them unless you have a necessary key, though your files may be recoverable in some cases.
How to prevent ransomware
To minimize your risks, use these ransomware prevention methods:
- Don’t download anything from suspicious websites and don’t open suspicious links, emails or messages;
- Always use common sense and your knowledge of social engineering techniques, especially if you work with sensitive data;
- A secure backup is one of the best defenses against ransomware. Keep your most sensitive data in an encrypted cloud where only you will be able to access it;
- Always keep your security software up-to-date;
- If you notice any suspicious apps you do not recognize, get rid of them immediately. You can read about different ways to removing malware on Android and iPhone here;
- If your work with sensitive data or have other reasons why you might be targeted with ransomware, try to keep a low profile online and don’t discuss your position on social networks;
- Use a VPN to encrypt your traffic, so that no cybercriminal would be able to intercept it and see what you do online. Our CyberSec feature will also block suspicious websites and prevent your device from joining a botnet zombie army.
- Use strong passwords as some ransomware attempts to initiate brute force attacks to crack them. Check our NordPass app for your password storage. It is secure and easy-to-use.
What to do if you become a victim of ransomware
- Remove it immediately using anti-malware software or by wiping out your system. However, this would not save your files. Also, you will not be able to pay the ransom either;
- Do not pay the ransom. Keep in mind that you are dealing with criminals, and there’s no guarantee you will get your data back even after paying. By paying, you also support the criminals and encourage their actions;
- Immediately contact law enforcement;
- Do some research to check whether it might be scareware, which only tries to intimidate you without actually locking up your files.
To learn more about cybersecurity, subscribe to our monthly blog newsletter below!